Fuzzing is a technology for automizing the analysis of implementation against errors, bugs, and vulnerabilities. Modern fuzzing techniques have greatly accellerated the hardening of parsers and protocol implementations in particular. In our research group, we develop, utilize and innovate on fuzzing frameworks for Internet cryptographic protocols.

We are looking for motivated students to research, develop and integrate components that form part of our fuzzing frameworks. Topics may range from in-depth mutation strategies, integration of oracle techniques to solving complexity and scaling. Our main development languages are Rust and Python, so students are expected to have familiarity with or invovled interest in learning these languages. Moreover, students should be comfortable with working in Linux, navigating build and virtualization processes, and thoroughly documentating their work. Please get in touch for more details.

The internet is comprised of over a million networks, all of whom are owned by different entities and host a variety of services. The process of extracting information about these prefixes is difficult and complicated, especially in bulk. Any internet user can extract a subset of information on a per network basis by querying different online sources. However, most sources have incomplete, sometimes outdated information, and generating a correct network profile requires querying and parsing data from multiple sources with different formats, and extracting and processing information based on semantic context.

In this thesis, we want to bring order to the chaos. The aim is to develop an LLM-powered agent that collects, extracts and categorizes prefix information from multiple sources to create a dataset of internet prefix information. Students interested in this topic must have very good programming skills (any language), and either existing experience or very strong interest in learning how to use, train and refine LLMs. This topic requires familiarity or willingness to learn how to build RAG pipelines.

Much like our universe, the Internet is plagued by Background Radiation (IBR): millions of unsolicited packets sent daily to IPs and ports that were not prepared to receive them. The nature of these packets can be either benign (erroneously sent, service/scanner misconfigurations) or malicious (worms, DDoS backscatter, vulnerability scanners). Regardless of the nature of these packets, internet traffic pollution tells a story about the underbelly of the Internet: the orphaned misconfigured servers, the malware knocking on doors to find itself a new home, infected hosts (bots) scanning the internet for new peers, etc.

The purpose of this thesis is to analyze historical and recent data on background radiation, evaluate the IBR traffic, profile the sources and purpose of this traffic, and propose mitigation techniques. Students interested in this topic must have good programming skills in a language of their choice and familiarity with networking protocols.

Currently, the PKI (Public Key Infrastructure) system is based on the issuance of certificates by trusted Certificate Authorities (CAs). These ensure the authenticity and trustworthiness of identities. However, there are also alternative approaches in which users create their own certificates and build a network of authentications through mutual verification. This concept is known as the Web of Trust. However, a major disadvantage of this model is the inefficient distribution of the necessary authentication information.

Bloxberg is a blockchain instance based on Ethereum technology that is operated by over 60 universities worldwide. The goal is to use this blockchain to overcome the weaknesses of the Web of Trust and enable efficient, decentralized verification of certificates.

Artificial intelligence, especially large language models (LLMs) such as ChatGPT, have become established in many areas of everyday life and the working world and are now an integral part of numerous processes. Their performance is generally impressive due to their high precision and flexibility. However, the use of such models raises concerns, especially when processing sensitive information or information that is subject to data protection laws, as they are often operated in online environments and personal data could potentially be exposed. A promising alternative is the use of open-source LLMs, which can be run locally and under the control of the users. These projects are achieving increasingly acceptable results, but their quality often still lags behind that of large commercial models such as ChatGPT or Claude. The aim of this work is to optimize the performance of local LLMs through targeted prompt engineering with the help of leading online models. The aim is to investigate the extent to which prompt engineering techniques supported by powerful models such as ChatGPT can contribute to improving the quality of local LLM results.

Denial-of-service (DoS) attacks aim to disable Internet infrastructure in a variety of ways. Distributed servers that independently or recursively request resources from the Internet are particularly vulnerable to abuse in distributed DoS (DDoS) attacks. The amplification factor of such systems is crucial: Can an attacker sending few messages trigger a large amount of traffic being sent to the victim? The goal of this thesis is to research, analyze, and evaluate mechanisms and attack vectors in Internet infrastructure that can be exploited for (D)DoS attacks.

Students interested in this topic should have background knowledge of distributed systems, Internet protocols, network components, and basic concepts of cybersecurity (or be willing to acquire this knowledge before starting the work). In addition, knowledge of C (possibly Python, Rust) and experience with Linux are required.

DNS tunneling is a technique by which a covert communication can be realized bypassing firewalls or other network packet filters. This is achieved by encoding the information in DNS queries and responses, the permeability of which through network filters is essential for the internet functionality. The goal of this thesis is to develop and implement a novel DNS tunnel that incompasses new encoding strategies to potentially achieve higher traffic volume and lower detectablilty compared to existing implementations.

Students interested in this topic are ideally expected to be knowledgable about networks and internet protocols, have prior experience in programming with Python and are proficient in working with Linux to the extend of setting up containerized applications, network configurations, and firewalls.